Adobe fixes critical security flaws in Flash, ColdFusion, Campaign

Adobe gives marketers AI-based tools to use customers' data in real timeThe software giant said the updates are focused primarily on email, which remains one of the key channels in a marketer's arsenal.

Adobe's monthly patch update is now available and fixes a handful of vulnerabilities in Flash, ColdFusion, and Campaign Classic.

The June round of fixes released by the tech giant focuses on patching problems which could lead to arbitrary code execution in the software.

Three vulnerabilities -- CVE-2019-7838, CVE-2019-7839, and CVE-2019-7840 have been patched in Adobe ColdFusion 11, 2016, and 2018. The file extension blacklist bypass, command injection, and deserialization of untrusted data error could all lead to arbitrary code execution if left unresolved.

In addition, seven vulnerabilities have been smoothed over in Adobe Campaign Classic, software which is not a common participant in Adobe's patch updates. Versions 18.10.5-8984 and earlier on Windows and Linux machines are affected.

The single critical issue in the batch, CVE-2019-7850, is a command injection bug which can lead to arbitrary code execution.

The latest round of patches builds upon Adobe's previous set of security fixes, released in May. The former update resolved 84 vulnerabilities -- all of which were deemed either important or critical -- in Flash, Acrobat, and Reader.

This week, Microsoft also released the firm's customary round of monthly security updates. In total, 88 bugs were patched and of particular note is the resolution of four out of five zero-day vulnerabilities published in May by an exploit seller known as SandboxEscaper.

Thank You

By registering you become a member of the CBS Interactive family of sites and you have read and agree to the Terms of Use, Privacy Policy and Video Services Policy. You agree to receive updates, alerts and promotions from CBS and that CBS may share information about you with our marketing partners so that they may contact you by email or otherwise about their products or services.
You will also receive a complimentary subscription to the ZDNet's Tech Update Today and ZDNet Announcement newsletters. You may unsubscribe from these newsletters at any time.